US defense contractors’ networks breached by hackers

Hackers have allegedly broken into the systems of some of the most prominent defense contractors, including Lockheed Martin Corp and other companies that develop weapon systems for the US Department of Defense, reports Reuters, who spoke with a person familiar with the matter.

To breach the systems, hackers reportedly duplicated electronic login keys known as “SecurID,” which are made by the EMC corporation’s RSA security division. It is not yet known if any data was stolen by the hackers. But because of the highly sensitive nature of the information stored on Lockheed’s and other’s systems — data about classified future weapon systems being built for the US military, as well as weapons currently in us in Iraq and Afghanistan — it’s not difficult to assume what kind of info the hackers were after.

Widely used to protect sensitive data, SecurIDs are far more robust than a standard username/password combo that one would use to login to, say, Facebook. Instead, SecurID generates a new series of digits every couple of minutes that the user must enter into the system, along with a unique user pin. Failure to login before the next set of numbers is generated results in denied access to the system.

The breach, said to have been carried out in March, actually involved more than one attack. First came the initial breach on the RSA division, during which hackers stole data the taught them how to copy the security keys. Then came a wave of malware and phishing attacks launched to gain additional user and network data that would allow for greater access to the systems. This type of attack is known as an “Advanced Persistent Threat” or APT.

In addition to an internal investigation into the matter, EMC says it took immediate steps to protect its customers, which included “hardening our IT infrastructure.”

Rich Moy, president of information security firm NSS Labs, tells Reuters that the nature of the attack means a threat remains.

“Given the military targets, and that millions of compromised keys are in circulation, this is not over.”